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METHOD OF SHARING PROPRIETARY INFORMATION 
Cross Reference to Related Co-Pending Applications 

This application claims the benefit of U.S. provisional application Ser. No. 60/163,231 filed 
5 on November 3, 1 999 and entitled "METHOD AND APPARATUS FOR PROPRIETARY 
DATA COLLECTION AND DISTRIBUTION" which is commonly assigned and the 
contents of which are expressly incorporated herein by reference. 

Field of the Invention 

10 The present invention relates to a method of sharing proprietary information, and more 
particularly to a method of sharing proprietary information that allows protection of 
intellectual assets while providing a collaborative working platform. 

Background of the Invention 

15 Protection of intellectual property assets is critical for maintaining a competitive advantage in 
today's business environment. At the same time, today*s businesses utilize manufacturing 
processes, business methods and equipment that are complex. This complexity of modern 
manufacturing processes, business methods and production equipment has lead to 
outsourcing of specific tasks and redistribution of responsibilities. This is especially the case 

20 for the operation and maintenance of complex production equipment. 

In a modern semiconductor fabrication facility (fab), production equipment may be operated, 
maintained and repaired by different groups of people. These different groups of people often 
belong to different companies. For example, a particular equipment may be operated by one 
group of fab employees, serviced by technicians from the original supplier of the equipment 
25 and routinely maintained by a third company under contract to the fab. Further, such 

arrangements may vary from equipment to equipment. In house fab technicians may be fully 
responsible for some equipment and prohibited from working on others. In some cases they 
may be permitted to perform certain levels of service before calling in a technician from 
another company. 

30 In light of this multi-organizational support needed to keep production facilities operating at 
peak efficiency, manufacturers often have to share information about specific production 
equipment and manufacturing processes with various organizations. This information is 
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usually proprietary and is held internally as part of the company's intellectual property assets. 
Therefore, there is a need for sharing selective equipment and process information while 
protecting and maintaining ownership of the company's intellectual property assets. 

5 Typically a manufacturer selects the type of data to be collected and the format in which it is 
stored. Data associated with the manufacturing process parameters, quality control and 
throughput are usually considered proprietary information and are stored at a server located at 
the manufacturer's site. Access to the server and to the particular proprietary information is 
usually limited to certain members of the manufacturer's operation. However, frequently, 

10 these data need to be analyzed to determine causes for defects or problems in the 

manufacturing process and to develop improvements of the process. Expert scientist and 
specialist from third party organizations are often contracted to conduct this analysis and 
recommend solutions. In cases where performance of a piece of equipment or consumable 
material used in the manufacturing process is an issue, suppliers of the spec ific piece of 

15 equipment or material need to be involved. Therefore, there is a need for these outside 

contracted experts and suppliers to gain controlled access, to proprietary data associated with 
the manufacturing process, in order to work collaboratively with the manufacturer's 
personnel to solve the problem. 

20 In some cases, equipment suppliers and third party experts have proprietary data and logic 
embodied in proprietary software application programs, which they do not wish to share with 
the manufacturers. However, the manufacturers may be willing to make their proprietary 
data available to be analyzed by the proprietary software of the suppliers and third party 
experts without exposing the raw data itself to the suppliers and third party experts. In other 

25 cases, third party experts and suppliers are willing to allow their proprietary data and 
software to be used for the analysis of manufacturers' data without exposing the raw 
proprietary data or logic to the manufacturers. All parties may agree to share data and results 
of the software operating on the data in a certain manner. 

30 Problems associated with a collaborative working environment involving sharing proprietary- 
data and software between manufacturers third party experts and suppliers include 
incompatibilities between different data formats and complicated management protocols and 
access control mechanisms. Further, concerns over the security of the shared data and 
software, especially transmission of raw real-time data out of the manufacturers' facilities, 
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makes manufacturers reluctant to share detailed, real-time data electronically. Therefore, 
there is a need for an industry-wide network that allows collection of proprietary information 
in compatible formats and secure, real-time, event-driven distribution of the proprietary 
information to network subscribers. 

5 

Summary of the Invention 

In general, in one aspect, the invention provides a method of sharing data that includes first 
agreeing upon rules of sharing and then providing a secure escrow zone for collecting and 
distributing data. The escrow zone includes a first database and an access control program for 

1 0 implementing the agreed upon rules. Next a first set of data from a first network is selected 
by passing them through a first data filter. The first set of filtered data is then transmitted 
from the first network to the escrow zone via a secure transmission mode and are deposited in 
the first database. The first set of filtered data are then accessed by accessing the first 
database and the access is controlled by the access control program according to the agreed 

15 upon rules. 

Implementations of this aspect of the invention may include one or more of the following 
features. The escrow zone may also include a second data filter for protecting the data flow 
in and out of the escrow zone. The first and second data filters may include a messaging 

20 middleware software. The first and second data filters may also include a table of rules 
defining policies regarding permissibility of data, information and applications programs 
attempting to cross the filters. The first and second data filters may further have a program to 
check message headers including identifications for each company, machine, production 
facility, machine supplier company, message type, message source and message purpose. The 

25 data may include proprietary information. The data may be real-time data. The sharing of 
data occurs between users subscribing to the escrow zone and accepting the agreed upon 
rules. The subscribing users may be selected from a group including manufacturers, 
suppliers, vendors, sales representatives, consultants, technical experts and financial analysts. 
The first set of filtered data may include at least one of machine status, process parameters, 

30 quality control data, product specifications, equipment specification, workflow data and 

company specific financial information. Accessing of data may include retrieving data from 
the first database and altering of data. The method may also include after depositing the data 
in the first database recording the deposition time, date, size, content, subject matter and user 
identification. The secure transmission mode includes first encrypting the first set of filtered 

3 
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data and then transmitting them via an internet network. The escrow zone may be located at 
the first network or at a third network different from the first. The data may be accessed 
remotely via an internet network, telephone line and a wireless connection. The method may 
further include selecting a second set of data from a second network by passing them through 
5 a second data filter, transmitting them to the escrow zone via a secure transmission mode and 
depositing them in the first database. First and second users connected to the first and second 
networks, respectively, may access the first database and the first and second set of filtered 
data. The first network may be located at a manufacturing company. The second network 
may be located at an equipment supplying company. The escrow zone may be located at the 
10 second network. The escrow zone may further include a people profile managing software 
and a people profile database. 

In general, in another aspect, the invention features a method of sharing data that includes 
first agreeing upon rules of sharing and then providing a secure escrow zone for collecting 

1 5 and distributing data. The escrow zone includes a first database and an access control 

program for implementing the agreed upon rules. Next a plurality of data from a plurality of 
networks are selected by passing them through a plurality of filters. The plurality of filtered 
data are then transmitted from the plurality of local networks to the escrow zone via a secure 
transmission mode and are deposited in the first database. The plurality of filtered data are 

20 then accessed by accessing the first database and the access is controlled by the access 

control program according to the agreed upon rules. A user connected to at least one of the 
local networks may access the plurality of data. 

In general, in another aspect, the invention features an escrow zone system for maintaining 
25 proprietary information and data. The escrow zone system includes a database and an access 
control program. Proprietary information and data are stored in the database. Access to the 
database is controlled by the access control program. 

Implementations of this aspect of the invention may include one or more of the following 
30 features. The escrow zone may also include a data filter for protecting the data flow in and 
out of the escrow zone. The data filter may include a messaging middleware software, a table 
of rules defining policies regarding permissibility of data, information and applications 
programs attempting to cross the filter and a program to check message headers including 
identifications for each company, machine, production facility, machine supplier company, 

4 



BNSDOC1D: <WO 0133759A1J_> 



WO 01/33759 



PCTYUS00/41797 



message type, message source and message purpose. The escrow zone system may further 
include a people profile managing program, a people profile database, an operating system 
and a local area network system connecting the database to a server hosting the access control 
program, the profile managing program and the database. 

5 

Among the advantages of this invention may be one or more of the following. The system 
provides non-invasive business to business communication and collaboration via an internet 
network. It offers standard or custom views of shared real-time data and reports to 
subscribing companies. The system also offers analytical tools and other shared software that 
10 allow exchange of proprietary data according to prearranged rules. 

The details of one or more embodiments of the invention are set forth in the accompanying 
drawings and description below. Other features, objects and advantages of the invention will 
be apparent from the following description of the preferred embodiments, the drawings and 
15 from the claims. 

Brief Description of the Drawings 

FIG, ! is a flow diagram of a method for sharing proprietary intellectual property (IP) data; 

20 FIG. 2 Is a schematic overview diagram of an escrow zone for sharing proprietary intellectual 
property data; 

FIG. 3 is a schematic overview diagram of another design of an escrow zone for sharing 
proprietary intellectual property data; 

25 

FIG. 4 is a Venn diagram representing an IP escrow zone; 

FIG. 5 is a schematic overview diagram of a network system including a manufacturer's local 
hub, a suppliers local hub and a central hub; 

30 

FIG. 6 is a flow diagram of an access control program for the escrow zones of FIGS. 2 and 3; 

FIG. 7 is a schematic diagram of an access control program for the escrow zones of FIGS. 2 
and 3; 

5 
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FIG. 8 is a flow diagram for entering a user into the network system of FIG. 5; 

FIG. 9 is a flow diagram for validating a user entering the system of FIG. 5 through the 
5 central hub: 

FIG. 10 is a flow diagram for validating a user entering the system of FIG. 5 through the local 
hub; 

1 0 FIG. 1 1 is a screen display of a webpage of "AvantNet Profile Manager'; and 

FIG. 12 is a screen display of a webpage of "AvantNet Profile Manager' depicting user 
assignment information. 

1 5 Detailed Description of the Invention 

Referring to FIG. U a method for sharing proprietary information, data and applications 
programs between two companies includes first deciding upon intellectual property (IP) 
ownership, establishing rules of sharing and accessing 10. Next an IP escrow zone is 
provided for storing proprietary information, data and applications programs 20. Next all 

20 proprietary information, data and applications programs are collected from the two 
companies that have accepted the rules of sharing and are transmitted to the IP escrow 
zone 30. Next all proprietary information, data and applications programs are deposited in 
the IP escrow zone and the applications programs are enabled to operate on the data 40. The 
IP escrow zone is then accessed to retrieve the deposited proprietary information, data and 

25 applications programs 50. In the financial industry, "escrow" is an account where a third 
party holds funds on behalf of two or more parties involved in a transaction. In connection 
with intellectual property assets an IP escrow zone is a digital storage space where two or 
more companies deposit data and applications programs and are allowed to access each 
other's deposited data and applications programs based on a contractual arrangement. The IP 

30 escrow zone is maintained by a third party. An access control program controls the accessing 
of the escrow zone and the proprietary information and data 60. 

The rules of sharing include what information, data and applications programs are shared, 
who has access to the shared information, when and where is the information available, the 

6 



BNSDOCID: <WO. 



_0133759A1J_> 



WO 01/33759 PCT/US00/41797 

format in which information is available, whether the information is available in absolute 
units of measure or only relative units such as offsets from or percentages of target values, 
the conditions under which normal or exceptional sharing is allowed and how information is 
accessed. The IP escrow zone includes at least a database for storing shared information, 
5 data and applications programs and an access control program. One or more data sources 
associated with the one or more companies that have accepted the escrow agreement, 
respectively, send data to the database. A filter selects which data are allowed to flow into or 
out of the IP escrow zone. The data transmission occurs over a public internet network via a 
secure transmission mode. The filtered data are deposited in the database and a record is 
1 0 created summarizing the time and date of deposition, type of data, subject matter and origin 
of data. An agreed upon set of operations and analysis is performed on the data by the stored 
applications programs. A user accesses the data and the results of the applications programs 
by accessing the escrow zone and the access is controlled by the access control program. 

15 Referring to FIG. 2, a local hub. network 1 10 includes proprietary applications and database 
modules 220 and 220A and a shared applications and database module 210. Each module 
210, 220 A and 220 includes a computer server 41, 42, 43 and a database 41 A. 42 A, 43 A, 
respectively. Local hub 1 1 0 is located at a manufacturing facility and collects data from a 
sensor 44 and a factory local area network (LAN) 240. Sensor 44 is located in machine 212 

20 and transmits data to the local hub 1 1 0 via a sensor data link 1 25. Data from the factory LAN 
are transmitted to the local hub 1 1 0 via a factory data link 135. Modules 21 0, 220A and 220 
are connected to a local hub LAN 25 1 . Local hub LAN 25 1 also connects to an internet 
network 160. Local hub 1 10 is separated from an internet network 160 by a firewall 162. 
Data flow from the internet network 160, sensor data link 125 and factory data link 135 into 

25 the local hub 1 10 pass through an external data filter 270, a sensor data filter 240 and a 
factory data filter 250 ? respectively. In one example, the sensor 44 is an optical sensor 
located in a chemical vapor deposition (CVD) chamber 212 used in the manufacturing 
facility where the local hub 1 10 is located, the internet network 160 is the global TCP-IP 
Internet and the local area network is an Ethernet LAN. Firewall 162 is a computer that 

30 serves to insulate and protect the local hub 1 10 and its data. It provides security and/or 
encryption of the data transmitted to or received by the local hub 1 1 0 from the internet 
network 160. An example of such a device is the Sonic WALL Pro. supplied by SonicWALL, 
Inc. 

7 
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Computer servers 41, 42, 43 are computers running an operating system and host applications 
programs. In one example, the operating system is Microsoft™ Windows NT™. Server 41 
hosts applications programs that are shared by all parties having access to the local hub 1 10. 
The shared applications programs include database management, data collection and routing 
5 and notification. Database 41 A is attached to server 41 and stores data that are shared by all 
parties having access to the local hub 1 10. Servers 42 and 43 host applications programs 
specific to running the operations and equipment in the manufacturing facility. In one 
example, the specific application is a software used by the supplier of the CVD chamber 212 
to achieve run-to-run consistency by compensating for minor input variations. In another 

10 example, the specific application program is an equipment monitor program that an 

equipment maintenance service provider uses to monitor the machine's internal vital signs 
and to detect performance degradation or outright failures. Database 42 A is attached to 
server 42 and stores data associated with the applications programs that are hosted in server 
42. In one example, these data are proprietary machine performance data that the supplier of 

15 the machine collects and does not wish to share, with the manufacturer that uses the machine 
or other third parties. Database 43 is attached to server 43 and stores data associated with the 
applications programs that are hosted in server 43. In one example, these data are proprietary 
data on machine consumables usage that the supplier of the consumables collects and does 
not wish to share with the manufacturer that uses the machine or other third parties. 

20 

Sensor data filter 240, factory data filter 250 and external filter 270 have hardware and 
software components that mediate the flow of data between the local hub 110 and 
machine 212, factory LAN 240 and a third party accessing the local hub via the internet 
network 1 60, respectively. The hardware components include a server and associated 

25 equipment, running an operating system such as Linux and a firewall server running a 
software program such as Firewall- 1 provided by Checkpoint of Redwood City, CA. The 
software component is a messaging middleware application that is used in the 
communications between data sources attached to factory LAN 240 and local hub LAN 25 1 . 
In one example, the messaging middleware application is The Information Bus (TIB) 

30 supplied by TIBCO Software, Inc., of Palo Alto, CA. Each communication between data 
sources or publishers on one side of a filter and data consumers or subscribers on the other 
side of a filter has an attached header. The attached header follows a naming scheme that is 
understood by the filter. In one example, the header includes the manufacturing company 
identification (ID), the manufacturing facility ID, a machine ID, machine supplier company 

8 
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ID ? a message type ID. a message source ID and a message purpose ID. Each filter has an 
associated rules table that defines the policy regarding the permissibility of each message 
attempting to cross the filter. In one example, the factory data filter 250 prohibits passage of 
data from the factory LAN 240 to the local hub LAN 251, if the message source is the factory 
5 scheduling system and the message type is not machine maintenance request and the message 
purpose is not to schedule a preventive maintenance procedure with the machine supplier' 
scheduling system. In another example, the external data filter 270 prohibits passage of a 
message if the message source is a sensor attached to a specific machine and the data type is 
raw sensor data. The software components of the filter include software programs that use the 

1 0 message header and naming schemes of the messaging middleware to decide whether or not 
to allow passage of each message. In one example this is accomplished by using the 
Entitlements feature of TIB supplied by TIBCO Software, Inc., of Palo Alto, CA. The 
specific configuration of the applicable rules table is typically determined by contractual 
arrangement between the production facility and the vendors and suppliers with whom the 

15 data will be exchanged. 

Referring to FIG. 3, local hubs 1 10 and 120 are connected to an intellectual property escrow 
zone 1 50 via an internet network 160. The intellectual property escrow zone 150 includes a 
central hub local area network (LAN) 440, a server hosting shared applications and 

20 associated databases 420, an access control program 86 and a server hosting proprietary 
applications and their associated databases 410. Data from local hub 1 10 pass through a 
local hub external data filter 270 and a local hub firewall 162 and are transmitted via an 
internet network 160 to the intellectual property escrow zone 1 50. Similarly data from local 
hub 120 pass through a local hub data filter 270A and a local hub firewall 162 A and are 

25 transmitted via an internet network 1 60 to the intellectual property escrow zone 1 50. Data 
flow from and to the intellectual property escrow zone 1 50 is also protected by a firewall 166 
and a data filter 78. In one example, firewalls 162, 162 A, 166 are the security and encryption 
programs Firewall- 1 provided by Checkpoint of Redwood City, CA, the access control 
program is SiteMinder, supplied by Netegrity, of Waltham, MA and the software filters 270, 

30 270A, 78 are TIB, supplied by TIBCO Software Inc., of Palo Alto, CA.. 

Figure 4 is a Venn diagram that shows how data, applications and the IP property that is 
contained in data and applications are shared among three parties in an IP escrow 
arrangement. The three parties include a factory 200, a vendor 435 and a supplier 300. The 

9 
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three parties share data and applications hosted in the IP escrow zone 1 50. A machine 2 1 2 
located in factory 200 also sends data directly to IP escrow zone 1 50. IP escrow zone 1 50 
represents the logical space managed by the hardware and software of the present invention, 
including shared applications and data residing on local hubs associated with the factory 200, 
5 vendor 435 and supplier 300. Machine 212 represents data transmitted from or to a 

production machine. Data received from a machine include operating parameters, settings 
and sensor outputs. Data transmitted to a machine include queries and control commands. 
Factory 200 represents the logical space occupied by a production facility. Supplier 300 
represents the logical space of a supplier. Vendor 435 represents the logical space of a 
JO vendor. 

The IP escrow zone 1 50 further includes machine data 200A, supplier applications and 
data 300A, and vendor applications and data 435A. Machine data 200A represents the 
intellectual property residing in or derived from applications or data within machine 212. 

1 5 Supplier applications and data 300A represents the intellectual property residing in or derived 
from the supplier's applications and data. Vendor applications and data 43 5A represents the 
intellectual property residing in or derived from the vendors applications and data. The 
ellipses representing machine data 200A, supplier applications and data 420, and vendor 
applications and data 430 are further divided into regions A 450, B 455, C 460, D 465, E 470, 

20 F 480, and G 490. Region A 450, which is machine data 200A less regions B 455 and D 465, 
represents the proprietary intellectual property space of the production facility 200, which is 
available only to the factory 200 ? The information within this region is not shared with 
outside parties. Region B 455, which is the intersection of machine data 200A and supplier 
applications and data 300A, represents the intellectual property space shared between the 

25 factory 200 and the supplier 300 under the escrow arrangement. Region C 460 represents the 
intellectual property space that the supplier 300 chooses to keep proprietary, and which is hot 
shared with any other parties to the escrow agreement. It Is accessed only by the supplier 
300. Region D 465 is similar to region B 455. It represents the intellectual property space 
shared between the factory 200 and the vendor 435 under the escrow arrangement. These data 

30 are available only to the factory 200 and the vendor 435. Region E 470 represents the 

intellectual property space that the vendor 435 chooses to keep proprietary and is not shared 
with any other parties to the escrow agreement. It is accessed only by the vendor 435. 
Region F 480 represents the intellectual property space shared among all three parties of the 
escrow arrangement. These data are provided to and shared between the factory 200, the 

10 
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supplier 300 and the vendor 435. Region G 490 represents the intellectual property space 
shared between the supplier 300 and the vendor 435 under the escrow arrangement. This 
space is only accessible by the supplier 300 and the vendor 435, although the factory 200 
. may provide inputs to the applications running in this space. 

5 Referring to FIG. 5. local hub 1 10 is installed at a manufacturers site and serves the purpose 
of centralizing all the local data, information and communication protocols. In one example, 
local hub 1 1 0 supports data and information associated with a semiconductor fabrication 
operation 200. The semiconductor fabrication operation 200 includes a manufacturing 
line 210 that produces integrated circuit devices ("chips'*), a resource planning system 222 

10 that plans and coordinates the production operation, a database 221 for storing all the data 
associated with the semiconductor fabrication operation 200 and a local area network 
(LAN) 240 that provides connectivity between the manufacturing line 210, the resource 
planning system 222 and the database 221 . In one example, the local area network 240 is an 
Ethernet LAN and the resource planning system 222 is an Enterprise .Resource 

1 5 Planning(ERP) system. The manufacturing line 210 includes a chemical vapor deposition 
(CVD) chamber 212 for depositing thin films on semiconductor wafers, a photolithography 
station 214, a chemical mechanical polishing (CMP) apparatus 216 and a quality control and 
packaging station 218. Control units 213, 215, 217 and 219 for the CVD chamber 212, the 
photolithography station 214, the CMP apparatus 2 1 6 and the quality control and packaging 

20 line 218, respectively, are connected to the LAN network 240 via a data link line 232. 
Examples of control units 213, 215, 217 and 219 include programmable logic controllers 
(PLC), microcomputers, and computer workstations. Examples of a data link 232 include 
optical interfaces and electrical interfaces. 

LAN network 240 connects to the local hub 1 10 through a local hub network 25 L Similarly, 
25 the resource planning system 222 and the database 221 are connected to the local hub 

network 25 1 through the LAN network 240. Local hub 1 10 serves as the local control and 
data acquisition station for the semiconductor fabrication operation 200. Operators, 
manufacturing managers, engineers, sales and business managers associated with the 
semiconductor fabrication operation 200 have access to the production operation through 
30 their personal computers 245 that are also connected to the local hub 1 10 via the local hub 
network 251. In other embodiments personal computers 245 are connected to the LAN 
network 240. The semiconductor quality control and packaging station 218 connects also 

11 
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directly to the local hub network 25 1 via a sensor data link 223. Sensor data link 223 
receives data from a sensor (not shown) that is embedded in the packaging station 2 1 8 and 
transmits them to the local hub 1 1 0. Sensors embedded in the packaging station 218 include 
optical, electrical and magnetic sensors. 

5 

Local hub 120 is installed at a supplier's site and serves the purpose of centralizing all the 
local data, information and communication protocols. In one example, local hub 120 is 
located at an equipment supplier company 300 that supplies the above-mentioned CVD 
chamber 212. The operation at equipment supplier 300 includes R&D and customer support 

10 system 309 for the CVD chambers, a failure diagnostic system 319 that facilitates trouble 
shooting the CVD chamber operation, a database 330 for storing all the data associated with 
the CVD chamber operation and diagnosis and a local network 305 that provides connectivity 
between the CVD customer support system 309, the failure diagnosis system 3 19 and the 
database 330. The CVD chamber customer support system 309 is connected to the local hub 

15 120 via the local hub network 340 and the local net 305. The failure diagnostic system 319 
and the database 330 are also connected to the local hub 120 through the local hub network 
340 and the local net 305. Local hub 120 serves as the central local control station for the 
CVD chamber supplier 300. Customer support staff, engineers, sales and business managers 
associated with the CVD chamber supplier company 300 have access to the customer support 

20 system 309 through personal computers 345 that are also connected to the local hub network 
120 via the local hub network 340 and the local net 305. Local hub 120 has also it's own 
security system that provides security, authorization and access control for customer support 
staff, engineers, sales and business managers associated with the CVD chamber supplier 
company 300. 

25 

Local hub 1 10 of the semiconductor fabrication operation 200 and local hub 120 of the CVD 
chamber supplier are connected to a central hub 150 via an internet network 160. Security 
firewalls 162, 164 and 166 are installed between the local hub 1 10 and the internet 
network 160, between the local hub 120 and the internet network 160 and between the central 
30 hub 150 and the internet network 160, respectively. In one example, internet network 160 is 
the "Internet" and firewalls 162, 164 and 166 are computers or other digital appliances that 
run security and encryption software programs. The purpose of the firewalls 162, 164 and 
166 is to control and prevent access to the local hubs 1 10, 120, and central hub 150 by 
unauthorized external users. Data transmitted through the firewalls 162, 164 and 166 are 
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encrypted for security purposes. In one example, the firewall security and encryption 
program is Firewall- 1 provided by Checkpoint of Redwood City, CA. 

Central hub 1 50 is located at the network provider's site, i.e., AvantNet. and includes a 
5 central database 430, a messaging server 41 0, an application server 420, a data replication 
server 415 and a LAN network 440 connecting the central database 430 and servers 410, 415 
and 420. A firewall 166 is installed between the central hub 150 and the internet 
network 160. Application server 420 includes a computer server and associated equipment, 
running an operating system and applications that can be accessed and shared between the 

1 0 local hubs 11 0 and 1 20 and other authorized and authenticated users 1 25 accessing the central 
hub via the internet network 160. In one example, the operating system is a Microsoft™ 
Windows™ NT™ system. Applications running on the application server 420 include access 
control software, data acquisition software, analytical software, process control software, 
equipment diagnostic software, process diagnostic software, yield diagnostic software, 

15 knowledge databases, routing and notification instructions, equipment repair and 
maintenance management software, instructions and manuals, supply chain planning, 
coordination and procurement software, call center applications and problem management 
applications. Applications runnings application server 420 run also on the local hub 
applications servers 220 and 320. In this way, two layers of application providers are 

20 possible, that is an application is hosted at the local hub and the central hub servers. 

Applications stored at the local hub servers offer a privacy advantage to the manufacturer that 
houses the local hub, whereas applications stored at the central hub have the advantage of 
allowing sharing by multiple users. In other embodiments, the above mentioned applications 
are stored only at the central hub applications server 420 and are accessed and shared by the 

25 subscribing local hubs 1 10, 120. 

The central database 430 hosts data from the local hubs 1 10 and 120 that can be accessed by 
both the semiconductor fabrication operation 200 and the equipment supplier company 300 
based on a contractual arrangement. In some cases a third party 125 is also allowed to access 
30 the data stored in the central database 430 based again on contractual arrangements between 
the third party, the semiconductor fabrication operation 200 and the equipment supplier 
company 300. The database 430 is managed by database software, such as Microsoft™ SQL 
Server™. Third party data are also stored at the central database and can be accessed by 
both the semiconductor fabrication operation 200 and the equipment supplier company 300 

13 
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based on a contractual arrangement. Real time equipment status data flows from, the 
manufacturer site 200 to the supplier site 300 via the central hub 150, shown schematically by 
arrow 90. Equipment process and maintenance tips, manuals and training material flow from 
the supplier site 300 to the manufacturer site 200 via the central hub 150, shown 
5 schematically by arrow 92. 

Data travels along paths 170 and 172 from the local hub 1 10 to the central hub 1 50 and 
back, respectively, and along paths 174 and 176 from the local hub 120 to the central hub 150 
and back, respectively. The data flow includes passive listening and retrieving of data and 

10 active altering of data and issuing of commands. Both the passive and active flow of data is 
managed by a messaging middleware application, that is installed in the messaging 
server 4 1 0. In one example, the messaging middleware application is The Information Bus 
(TIB) supplied by TIBCO Software, Inc., of Palo Alto, CA In some embodiments, the data 
transfer process is automated. In one example, the data is a user's manual for a piece of 

15 equipment, which is stored in the central database 430 and can be accessed by all 

manufacturer's that use the specific equipment in their operations and have either a local hub 
connected to the central hub or have remote dial in access to the central hub. Upgrades of the 
manual are automatically fed to the central database 430 from the equipment supplier 300 and 
can be accessed by all manufacturers 200 without delay. 

20 

A data replication software manages replication and synchronization of data between the 
local hubs 110, 120 and the central hub 150. The data replication software is installed in the 
data replication servers 415, 215 and 3 15 of the central hub server 150 and the local hubs 1 10 
and 120, respectively. Connectivity and administration of the overall network and hub 
25 operations are provided by an internet service provider: In one example the internet service 
provider is EXODUS, Inc located in Santa Clara, California. 

Referring to FIGS. 6 and 5, access control is part of an overall security method that also 
includes authentication and adjudication. A "user" associated with the semiconductor 
30 fabrication operation 200 of FIG. 5, i.e., operators, manufacturing managers, engineers, sales 
and business managers, is assigned a profile that includes a user identification name (ID) and 
a password. Every time a "user" logs into the local hub 1 10 through a personal computer 245, 
he needs to provide his assigned user identification name and password 510. The access 
control program identifies all the appropriate user profiles, classes of equipment data and 

14 
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application functions that the '"user" has access to and allows the "user" to proceed 5 12; If 
the user does not belong to any of the identified profiles, access is denied 514. After this 
authentication process the "user 5 accesses a subset of application functions that may include 
listening, retrieving, altering data or issuing a command and class of data 5 1 6. Next the 
5 "user 5 selects a specific application function applied to a specific set of data 518. The 
requested operation is allowed to be executed based on the authentication information 
combined with the appropriate retrieved access function that was assigned to the specific 
member that is requesting the operation 520. The access control program then adjudicates 
the selected operation and based on stored information displays the requested data and 
1 0 application function 522 or denies it 524. 

Machine and people profiles are created by local and/or central profile managing software. 
Local profile manager creates and updates data stored in the local people profile databases 
605a, 605b, shown in FIG. 3. Local people profile databases 605a, 605b hold information 

15 about who is authorized to use which functionality within which application to view or 

manipulate which data about which equipment, who has local access and to what, who needs 
to be alerted internally or externally in case of a problem and who needs to be notified at 
which escalation level. Central profile manager creates and updates data stored in the central 
people profile database 627, also shown in FIG. 3. Central people profile database 627 holds 

20 information about individual person set-up, individual to company relation, individual to 
equipment relation, who has central access and to what, company specific alerting and 
escalation profiles and individual to profile assignment. The central profile manager and the 
central profile database 627 have similar functionality and data as the local profile manager 
and local profile database 605. The central profile manager has the additional function of 

25 coordinating with the local profile manager in order to disseminate, replicate and synchronize 
profile changes made to any local database 605a, 605b at any local hub. In one example, 
changes in access rights and profiles caused by employee turnover at equipment supplier 
local hub 120 are made available to manufacturer local hub 1 10 in real time, shown in FIG 5. 
This is particularly useful if the concerned employee had access rights to local hub 110 

30 because of his or her employment with supplier 300. 

Referring to FIGS. 7 and 5, an access control system 86 includes proprietary data 81, agreed 
upon rules 83, user interfaces 85, people profile database 90, equipment, specification 
database 95 and application functions 96. The applications functions 96 include listening, 
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retrieving, modifying of data and issuing and executing control commands. Accordingly, 
several access levels are defined by segmenting and grouping the various access application 
functions 96. User groups, such as operators, manufacturing managers, engineers, sales and 
business managers associated with the production operation 200, are each assigned one or 
5 more appropriate access level group profiles 9 1 . Each individual user 92 is then assigned to 
one or more group profiles 91 . This assignment of access functions to each group profile 91 
and the assignment of individual users 92 to group profiles are stored in a people profile 
database 90. Each profile may be connected to one or more individual users. In addition to a 
people profile database 90 and the access application functions 96, an access control 

10 system 86 includes an equipment specification database 95. Equipment specification 

database 95 includes the individual machines 94 and also groups or classes of machines 93. 
The machine classes 93 include individual machines 94. Machines belonging to the same 
class are subject to the same access control rules. Each individual machine may be assigned 
to one or more classes. Each class includes one or more machines. All access to data is only 

1 5 permitted via an application. Within each application access to data is further controlled by 
controlling access to functions of the application. In one example, an application has one 
function for viewing the machine status and another function for viewing and updating the 
machine status. Accordingly, an operator having a restricted access profile is only allowed to 
view a machine status, whereas an operations manager with a more extended access profile is 

20 allowed to view and update the machine status. The proprietary information and data 8 1, the 
agreed upon rules 83 and the user interfaces 85 are stored in the IP escrow zone at local hub 
1 10 or in the IP escrow zone at the central hub 150 of FIG. 5. 

Referring to FIG. 8, the process of entering a new User into a profile database includes the 
25 following steps. A local system administrator enters the new user s data at the local hub 101. 
The new user's data are checked against all stored user's data in the central hub for duplicate 
entries. A list of close matches is retrieved 1 12 and one is selected 1 13. If there is a match 
all the detailed personal information is downloaded from the central hub 1 16. If there is no 
close match 1 14 central hub issues a new ID 115 and the local system administrator enters 
30 new user's data 131. The local system administrator connects the user to a profile 141 and 
deposits new user's ID and assigned profile in the appropriate company specific database 
stored in the central hub 118. The new user's ID and assigned profile are also sent to the 
local profile manager 230. Central profile manager performs periodic profile matching and 
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replication 1 17 between central hub profiles stored in central database 430 and local hub 
profiles stored in local hub database 230- 

Referring to FIG. 9, when a user logs in 101 the central hub a validation process 1 1 1 follows 
that includes the following steps. First the system checks if there is a user ID matching the 
5 user's identification and password in the central hub profile database 121. If the users ID 
exists the system identifies a superset or a group of profiles to which the user belongs 131. 
Next the system identifies a superset of all the applications rights, i.e., all the applications to 
which the identified group of profiles has access 141. The available applications are then 
displayed to the user 151. The displays are usually webpages projected in a computer screen, 

10 shown in FIGS. 1 land 12. The user then selects an application 161. The system determines 
a superset of function rights, i.e., all the specific functions that the user is allowed to access 
within a given application for a given class of machine data 1 71 . The highest access for each 
class is then determined 181. The system then displays a map of the available functions for 
each class of machine data 191 . System runs the selected application 202. If the user's 

15 profile does not exist in the system, the user is rejected 201 . In this case the user has the 

option to repeat the login procedure 203 for a preset number of attempts before the user ID is 
temporarily disabled and an alert is sent to the appropriate security administrator. 

Referring to FIG. 10, when a user logs in 101 through a local hub a validation process 1 1 1 
follows that includes the following steps. First the system checks if there is a profile in the 

20 local profile database matching the user's identification and password. If the user's profile 
exists the system identifies a superset or a group of profiles to which the user belongs 121. 
Next the system identifies a superset of all the applications rights, i.e., all the applications to 
which the identified profile has access 13 1 and displays all available applications to the 
user 141. The user then selects an application 151. The system determines a superset of 

25 function rights, i.e., all the specific functions that the user is allowed to access within a given 
application for a given class of machine data 161. The highest access for each class of 
machine data is then determined 171 and the system then displays a map of the available 
. functions for each class of machine data for the selected application 1 72. The system runs 
the application 173 . 

30 If the user is a member of the local hub but logs in through the central hub 181, the access 
control of the central hub performs the authentication process 191, i.e., identification and 
password.. If the profile exists in the central profile database, it is matched with the 

17 



BNSDOCID: <WO 



0133759A1 I > 



WO 01/33759 PCT/US00/41797 

appropriate company and local hub 201 and the local hub access control is invoked 121. If 
the user belongs to a different company and logs in through the central hub 22 1 , the access 
control of the central hub authenticates the user 23 1 . If the' profile exists in the central profile 
database, it is matched with the appropriate company and local hub 201 and the local hub 
5 access control is invoked 121. If the user is a third party, logs in through a local hub 241 and 
this is not the first time that the user logs in, the request is routed to the central access 
control 3 1 1 where authentication takes place. If the profile exists in the central profile 
database 321, it is matched with the appropriate company and the local hub access control is 
invoked 121; If the profile does not match an existing profile in the central profile database, 

1 0 the user is rejected 331. If the user is a third party, logs in through a local hub 24 1 and this is 
the first time that the user logs in 25 1, the local host administrator receives a request to add a 
new user 261. The local host administrator decides and creates a local hub identification and 
password 271 . The local host administrator then checks the primary company affiliation at 
the central profile database 280. If there is a match with a profile affiliated with a subscribing 

1 5 company in the central profile database 290, the profile is downloaded to the local hub 301 . 

Referring to FIGS. 1 1 and 12, in one example user B is a member of ABC International 
Corporation and has an assigned profile pi . The central profile manager matches the user B 
to profile pi and displays all classes of machine data available to profile pi . Profile pi has 
two classes of machine data available, cl and c2. Class cl includes data for machines om I, 
20 om2, om3 and class c2 includes data for machine om3. A map of all profiles pi, p2, plO, 
classes per profile cl, c2, c4, c5, c6 and machines per class om 1, om2, om3, om4, om5, om6 
is also displayed, shown in FIG. 12. In this example, the application is listening and 
retrieving data of machine om 1 . 

25 Other embodiments are within the scope of this invention. For example, the IP escrow zone 
may include more than one databases and servers. The data transmission may occur via a 
secure private network. Data filters 240, 250 and 270 of FIG. 2 may each include a firewall. 
More than two local hubs may be connected to the central hub of FIG. 3. A user may be 
authenticated via a digital certificate, digital key or a smart card, among others. The escrow 

30 zone may also hold software programs and data calculated by software programs. The 
escrow zone may be located in one of the local hubs and managed by the local hub 
administration. 
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The many features and advantages of the present invention are apparent from the detailed 
specification, and, thus, it is intended by the appended claims to cover all such features and 
advantages of the described apparatus that follow the true spirit and scope of the invention. 
Furthermore, since numerous modifications and changes will readily occur to those of skill in 
5 the art, it is not desired to limit the invention to the exact construction and operation 

described herein. Accordingly, other embodiments are within the scope of the following 
claims. 
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What is claimed is: 



1 1 . A method of sharing data comprising: 

2 agreeing upon rules of sharing; 

3 providing a secure escrow zone for collecting and distributing data comprising a first 

4 database and an access control program for implementing said agreed upon rules; 

5 selecting a first set of data from a first network by passing data through a first data 

6 filter; 

7 transmitting said first set of filtered data from said first network to said escrow zone 

8 via a secure transmission mode; 

9 depositing said first set of filtered data in said first database: and 

10 accessing said first set of filtered data in said first database wherein said access is 

1 1 controlled by said access control program according to said agreed upon rules. 

1 2. The method of claim 1 wherein said escrow zone further comprises a second data filter 

2 for protecting data flow in and out of said first database. 

1 3. The method of claim 2 wherein said first and second data filter comprise a messaging 

2 middleware software. 

1 4, The method of claim 3 wherein said first and second data filter further comprise a table of 

2 . rules defining policies regarding permissibility of data, information and applications 

3 programs attempting to cross said filters. 

1 5 . The method of claim 4 wherein said first and second data filter further comprise a header 

2 including identifications for each company, machine, production facility, machine 

3 supplier company, message type, message source and message purpose. 

1 6. The method of claim 1 wherein said first set of filtered data comprise proprietary 

2 information. 

1 7. The method of claim 1 wherein said first set of filtered data comprise real-time data. 
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1 8. The method of claim 1 wherein said sharing of data occurs between users subscribing to 

2 said escrow zone and accepting said agreed upon rules. 

1 9. The method of claim 8 wherein said subscribing users are selected from a group 

2 consisting of manufacturers, suppliers, vendors, sales representatives, consultants. 

3 technical experts and financial analysts. 

1 1 0. The method of claim 1 wherein said first set of filtered data comprise at least one of 

2 machine status, process parameters, quality control data, product specifications, 

3 equipment specification, work flow data and company specific financial information. 

1 11. The method of c laim 1 further comprising retrieving said first set of filtered data from 

2 said first database. 

1 12. The method of claim 1 further comprising altering said first set of filtered data. 

1 13. The method of claim 1 further comprising after depositing said data recording said 

2 deposition of data in said first database. 

1 14. The method of claim 1 3 wherein said recording comprises recording at least one of time, 

2 date, size, content, subject matter and user identification. 

1 1 5. The method of claim 1 wherein said secure transmission mode comprises: 

2 encryption of said first set of filtered data; and 

3 transmission of said encrypted data via an internet network. 

1 16. The method of claim 1 wherein said escrow zone is located at said first network. 

1 1 7. The method of claim 1 wherein said escrow zone is located at a third network. 

1 1 8. The method of claim 1 wherein said data are accessed remotely via an internet network. 

1 19. The method of claim 1 wherein said data are accessed remotely via a telephone line. 

21 



BNSDOCID: <WO 0133759A1 I > 



WO 01/33759 



PCTYUS00/41797 



1 20. The method of claim 1 wherein said data are accessed remotely via a wireless connection. 

1 21 . The method of claim 1 further comprising: 

2 selecting a second set of data from a second network by passing them through a third 

3 data filter; 

4 transmitting said second set of filtered data from said second network to said escrow 

5 zone via a secure transmission mode; 

6 depositing said second set of filtered data in said first database; and 

7 wherein a first and second users connected to said first and second networks, 

8 respectively, have access to said first database and said first and second set of filtered 

9 data. 

I 22. The method of claim 1 wherein said first network is located at a manufacturing company. 

1 23. The method of claim 21 wherein said second network is located at an equipment 

2 supplying company. 

1 24. The method of claim 21, wherein said escrow zone is located at said second network. 

1 25. A method of sharing data comprising: 

2 agreeing upon rules of sharing; 

3 providing a secure escrow zone for collecting and distributing data comprising a first 

4 database and an access control program for implementing said agreed upon rules; 

5 selecting a plurality of data from a corresponding plurality of networks by passing 

6 them through a corresponding plurality of data filters; 

7 transmitting said plurality of filtered data from said plurality of networks to said 

8 escrow zone via a secure transmission mode; 

9 depositing said plurality of filtered data in said first database; and 

10 accessing said plurality of filtered data in said first database wherein said access is 

1 1 controlled by said access control program according to said agreed upon rules. 

1 26. The method of claim 25 wherein said escrow zone is located at a central network 

2 connected to said plurality of networks via an internet network. 
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1 27. The method of claim 25 wherein said escrow zone is located at one of said plurality of 

2 networks. 

1 28. The method of claim 25 wherein said data are accessed by a user connected to at least one 

2 of said plurality of networks. 

1 29. The method of claim 1 wherein said escrow zone further comprises a people profile 

2 managing software. 

1 30. The method of claim 1 wherein said escrow zone further comprises a people profile 

2 database. 

1 3 1 . An escrow zone system for maintaining proprietary information and data comprising: 

2 a database; 

3 an access control program; and 

4 wherein said proprietary information and data are stored in said database and access 

5 to said database is controlled by said access control program. 

1 32. The escrow zone system of claim 3 1 further comprising a data filter for protecting data 

2 flow in and out of said database. 

1 33. The escrow zone system of claim 32 wherein said data filter comprises a messaging 

2 middleware software. 

1 34. The escrow zone system of claim 33 wherein said data filter further comprises a table of 

2 rules defining policies regarding permissibility of data, information and applications 

3 programs attempting to cross said filters. 

1 35. The escrow zone system of claim 33 wherein said data filter further comprises a software 

2 program for checking message headers including identifications for at least one of 

3 company, machine, production facility, machine supplier company, message type, 

4 message source and message purpose. 
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1 36. The escrow zone system of claim 30 further comprising a people profile managing 

2 program. 

I 37. The.escrow zone system of claim 30 further comprising a people profile database. 

1 38. The escrow zone system of claim 30 further comprising an operating system. 

1 39. The escrow zone system of claim 30 further comprising a local area network connecting 

2 said database to a server hosting said access control program. 
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